<?php

include 'base.php';

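// Action gate: only a string value from the fixed list below is accepted.
// A missing, non-string (e.g. array-valued) or unknown `act` ends the request with no output.
$act = (isset ( $_POST ['act'] ) && is_string ( $_POST ['act'] )) ? $_POST ['act'] : '';

// Strict comparison so the allow-list never matches through PHP's loose type juggling.
if (! in_array ( $act, array ('create', 'login', 'forget' ), true )) {
	die ();
}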

//print_r($_POST);die();


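switch ($act) {

	case 'login' : // User login. Replies with "0" on success and "1" on any credential failure, then exits.
		// Reject missing or non-string fields before they reach the escaper or the query string.
		if (! isset ( $_POST ['username'], $_POST ['password'] ) || ! is_string ( $_POST ['username'] ) || ! is_string ( $_POST ['password'] )) {
			die ();
		}
		$_user = daddslashes ( $_POST ['username'] );
		$_pswd = daddslashes ( $_POST ['password'] );
		if (empty ( $_user ) || empty ( $_pswd )) {
			die ();
		}

		// Stays 1 for both "unknown user" and "wrong password", so the reply does not
		// reveal which usernames exist. Keep the two failure paths indistinguishable.
		$s = 1;

		// NOTE(review): the WHERE clause is built by string concatenation and relies entirely on
		// daddslashes(), which is defined outside this file (presumably an addslashes()-style escaper).
		// That kind of escaping is not aware of the connection charset and is not a substitute for
		// bound parameters. If the $db wrapper offers prepared statements or driver-level escaping,
		// use it here and in do_update() below.
		$where = 'username="' . $_user . '"';
		$doc = $db->do_one ( 'customers', 'id,password,rank,logintime,email', $where );

		// NOTE(review): $_pswd is the escaped form of the submitted password. It only verifies
		// correctly if the stored hash was computed over the same escaped form. Confirm against
		// the registration code before changing this.
		// NOTE(review): no attempt throttling or lockout is visible in this file. Confirm that
		// base.php or validate_password() provides it.
		if (! empty ( $doc ['id'] ) && ! empty ( $doc ['password'] ) && validate_password ( $_pswd, $doc ['password'] )) {
			if ($doc ['rank'] == 4) {
				// Rank 4 is sent back to the login page with code=3 instead of being signed in
				// (presumably a disabled account; confirm). The username is URL-encoded so it
				// cannot add or alter query parameters in the redirect target.
				dheader ( 'account.php?act=login&user=' . urlencode ( $_user ) . '&code=3' );
				// dheader() is defined outside this file. Stop here explicitly so this account can
				// never fall through to the session setup below, whether or not dheader() exits.
				die ();
			}

			// Issue a fresh session ID at the moment of authentication so an ID that existed
			// before login cannot be carried into the authenticated session (session fixation).
			if (session_id () !== '') {
				session_regenerate_id ( true );
			}

			$_SESSION ['uid'] = $doc ['id'];
			$_SESSION ['uname'] = $_user;
			$_SESSION ['uemail'] = $doc ['email'];

			// Record this login and keep the previous login time for display or auditing.
			$update = array ('logintime' => $now, 'lasttime' => $doc ['logintime'], 'loginip' => getip () );
			$db->do_update ( 'customers', $update, $where );
			$s = 0;
		}

		echo $s;
		die (); // the login branch always ends the request here

	default :
		// 'create' and 'forget' pass the action gate but have no handler in this switch.
		break;
}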

// Reached only for actions other than 'login', because the login branch above always exits.
// Passes an empty page title to the template engine.
$nav = array ();
$nav ['title'] = '';
$tpl->assign ( 'nav', $nav );

//$tpl->display('account');


?>